new mailman < 2.1.31 content injection vulnerability
similar to CVE-2018-13796 (not sure if they'll reuse that no. so
not including in Security: tags below)
https://bugs.launchpad.net/mailman/+bug/1873722
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83